Meanwhile, security researchers are reporting a new vulnerability in SP2 that could allow a malicious Web site to deposit an attack program on a user's system.

The attack utilizes Internet Explorer's drag-and-drop features and the Windows "shell folders" to copy an executable from a malicious Web site to a user's startup folder, from which it would execute the next time the user logged on.

[A]ll-conquering Internet Explorer has been stuck in the mud for the past year, as Microsoft stopped delivering new versions. The company now rolls out only an occasional fix as part of its Windows updates. Gates and company won the browser war, so why keep fighting it?

The problem is that hackers continue to find and exploit security holes in Explorer.